- java.lang.Object
-
- javax.security.auth.kerberos.KeyTab
-
public final class KeyTab extends Object
This class encapsulates a keytab file.A Kerberos JAAS login module that obtains long term secret keys from a keytab file should use this class. The login module will store an instance of this class in the private credential set of a
Subject
during the commit phase of the authentication process.It might be necessary for the application to be granted a
PrivateCredentialPermission
if it needs to access the KeyTab instance from a Subject. This permission is not needed when the application depends on the default JGSS Kerberos mechanism to access the KeyTab. In that case, however, the application will need an appropriateServicePermission
.The keytab file format is described at http://www.ioplex.com/utilities/keytab.txt.
- Since:
- 1.7
-
-
Method Summary
Methods Modifier and Type Method and Description boolean
equals(Object other)
Compares the specified Object with this KeyTab for equality.boolean
exists()
Checks if the keytab file exists.static KeyTab
getInstance()
Returns the defaultKeyTab
instance.static KeyTab
getInstance(File file)
Returns aKeyTab
instance from aFile
object.KerberosKey[]
getKeys(KerberosPrincipal principal)
Returns fresh keys for the given Kerberos principal.int
hashCode()
Returns a hashcode for this KeyTab.String
toString()
Returns a string representation of the object.
-
-
-
Method Detail
-
getInstance
public static KeyTab getInstance(File file)
Returns aKeyTab
instance from aFile
object.The result of this method is never null. This method only associates the returned
KeyTab
object with the file and does not read it.- Parameters:
file
- the keytabFile
object, must not be null- Returns:
- the keytab instance
- Throws:
NullPointerException
- if thefile
argument is null
-
getInstance
public static KeyTab getInstance()
Returns the defaultKeyTab
instance.The result of this method is never null. This method only associates the returned
KeyTab
object with the default keytab file and does not read it.- Returns:
- the default keytab instance.
-
getKeys
public KerberosKey[] getKeys(KerberosPrincipal principal)
Returns fresh keys for the given Kerberos principal.Implementation of this method should make sure the returned keys match the latest content of the keytab file. The result is a newly created copy that can be modified by the caller without modifying the keytab object. The caller should
destroy
the result keys after they are used.Please note that the keytab file can be created after the
KeyTab
object is instantiated and its content may change over time. Therefore, an application should call this method only when it needs to use the keys. Any previous result from an earlier invocation could potentially be expired.If there is any error (say, I/O error or format error) during the reading process of the KeyTab file, a saved result should be returned. If there is no saved result (say, this is the first time this method is called, or, all previous read attempts failed), an empty array should be returned. This can make sure the result is not drastically changed during the (probably slow) update of the keytab file.
Each time this method is called and the reading of the file succeeds with no exception (say, I/O error or file format error), the result should be saved for
principal
. The implementation can also save keys for other principals having keys in the same keytab object if convenient.Any unsupported key read from the keytab is ignored and not included in the result.
- Parameters:
principal
- the Kerberos principal, must not be null.- Returns:
- the keys (never null, may be empty)
- Throws:
NullPointerException
- if theprincipal
argument is nullSecurityException
- if a security manager exists and the read access to the keytab file is not permitted
-
exists
public boolean exists()
Checks if the keytab file exists. Implementation of this method should make sure that the result matches the latest status of the keytab file.The caller can use the result to determine if it should fallback to another mechanism to read the keys.
- Returns:
- true if the keytab file exists; false otherwise.
- Throws:
SecurityException
- if a security manager exists and the read access to the keytab file is not permitted
-
toString
public String toString()
Description copied from class:Object
Returns a string representation of the object. In general, thetoString
method returns a string that "textually represents" this object. The result should be a concise but informative representation that is easy for a person to read. It is recommended that all subclasses override this method.The
toString
method for classObject
returns a string consisting of the name of the class of which the object is an instance, the at-sign character `@
', and the unsigned hexadecimal representation of the hash code of the object. In other words, this method returns a string equal to the value of:getClass().getName() + '@' + Integer.toHexString(hashCode())
-
hashCode
public int hashCode()
Returns a hashcode for this KeyTab.- Overrides:
hashCode
in classObject
- Returns:
- a hashCode() for the
KeyTab
- See Also:
Object.equals(java.lang.Object)
,System.identityHashCode(java.lang.Object)
-
equals
public boolean equals(Object other)
Compares the specified Object with this KeyTab for equality. Returns true if the given object is also aKeyTab
and the twoKeyTab
instances are equivalent.- Overrides:
equals
in classObject
- Parameters:
other
- the Object to compare to- Returns:
- true if the specified object is equal to this KeyTab
- See Also:
Object.hashCode()
,HashMap
-
-
Document created the 11/06/2005, last modified the 04/03/2020
Source of the printed document:https://www.gaudry.be/en/java-api-rf-javax/security/auth/kerberos/keytab.html
The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.
References
These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.